PT-2019-12007 · Blogengine.Net · Blogengine.Net

Irbishop

Published

2019-07-03

Updated

2019-07-10

CVE-2019-10717

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions BlogEngine.NET version 3.3.7.0

Description The issue allows for Directory Traversal via the path parameter in the "/api/filemanager" API endpoint.

Recommendations For BlogEngine.NET version 3.3.7.0, avoid using the path parameter in the "/api/filemanager" API endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-10717

Affected Products

Blogengine.Net

PT-2019-12007 · Blogengine.Net · Blogengine.Net

CVE-2019-10717

Weakness Enumeration

Related Identifiers

Affected Products

References · 5